Head of Information Security

Head of Information Security | London

We are Monex, a specialist in commercial foreign exchange. We offer a range of FX services aimed at corporate and institutional clients to manage foreign exchange exposure and international payments. Our team of experts provides personalized and proactive service, helping clients execute thoughtful FX strategies tailored to their specific business needs.

As part of the Monex SAB de CV financial group, we support over 70,200 clients worldwide, offering local expertise in various regions including the UK, Luxembourg, Canada, and Singapore. Our goal is to empower clients to make better-informed business decisions in a fast-moving and volatile market.

Department Overview

The Information Technology (IT) department is responsible for all technology development and operations across the company.

IT Infrastructure and Development 

The IT department installs, upgrades, maintains, tests and supports all the company’s IT infrastructure and services. The IT Department also designs, develops, tests and supports all internal and customer facing applications and services

Interface with Business Users 

IT interacts across the business to determine the technology requirements to align with the needs of the business and its clients. A clear understanding of how business users build, access, share and use data helps them to design and implement solutions that can enable the business to operate effectively, efficiently and innovatively. 

Evaluating New Technologies 

IT will evaluate current and potential vendor products and services, and build models to explore the risks and benefits of introducing new technologies, applications, equipment and other vendor offerings into the workplace. 

Job Overview

As the Head of Information Security you will lead and oversee all aspects of the organization's information security strategy, ensuring the protection of sensitive data, transactions, and systems.  

This role requires a strong leadership presence, a deep understanding of IT Security, regulatory compliance and expertise in both technical and strategic security measures. 

Key Responsibilities & Accountabilities

• Leadership Experience: 8-10 years of experience in Information Security or Cybersecurity roles, with at least 5 years in a managerial or leadership position. 

• Track record of leading security teams and managing cross-functional collaboration to mitigate security risks. 

• Developing and implementing security policies and incident response plans at the enterprise level. 

• Cloud security and managing security in cloud environments (e.g., AWS, Azure). 

• In-depth knowledge of compliance standards and regulations like GDPR, PCI DSS, MiFID II, and FCA requirements

Business Knowledge / Technical Skills

Cybersecurity Fundamentals 

• Risk Management: Ability to assess, identify, and mitigate security risks to the organization. 

• Threat Intelligence: Knowledge of current cyber threats, attack vectors, and emerging trends. 

• Security Frameworks & Standards: Familiarity with industry standards like NIST, ISO 27001/27002, CIS Controls, SOC 2, GDPR, and PCI-DSS. 

• Develop Cyber security reporting and dashboards for Management reporting 

• Intrusion and threat Detection/Prevention Systems (IDS/IPS): Experience with IDS/IPS solutions to monitor network traffic and prevent breaches. 

• Virtual Private Networks (VPNs): Understanding of secure VPN configurations (IPsec, SSL VPNs, etc.). 

Application Security

• Secure Software Development Lifecycle (SDLC): Knowledge of integrating security at every stage of software development. 

• OWASP Top 10: Familiarity with web application security risks and mitigation techniques. 

• Static & Dynamic Application Security Testing 

Identity and Access Management (IAM) 

• Single Sign-On (SSO) and Multi-Factor Authentication (MFA): Experience in managing identity systems to control access to systems. 

• Privilege Access Management (PAM): Familiarity with tools to monitor and control access to sensitive systems 

• Role-Based Access Control (RBAC): Implementing policies that define user permissions based on roles. 

Cloud Security 

• Cloud Security Architecture: Understanding of securing cloud environments  

• Identity and Access in Cloud: Experience with cloud IAM features to manage user access securely. 

Security Operations and Incident Response 

• Security Information and Event Management (SIEM): Experience with SIEM tools like Threatlocker, QRadar, or similar systems for real-time analysis and incident response. 

• Incident Response (IR): Ability to lead and manage security incidents, including containment, eradication, and post-incident analysis. 

• Digital Forensics: Understanding of methods for investigating and analysing cyberattacks and breaches. 

Data Protection & Encryption 

• Data Loss Prevention (DLP): Expertise in configuring DLP solutions to protect sensitive data. 

• Encryption: Knowledge of encryption standards/tools 

• Backup and Recovery: Ensuring proper backup solutions are in place, and understanding disaster recovery plans. 

Systems / Knowledge Skills

• IT Security (ISO 27001) 

• Cloud Technology (Azure, AWS, GCP) 

• Agile (Scrum) 

• IT Infrastructure (Servers, Network, Desktop) 

• ITSM tools and processes 

• Database Technologies 

• Remote access 

• Banking and counterparty systems 

• MS Office Suite 

• HR System – Workday 

• Internally developed Enterprise system

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!